HSBC Accounts Accessed By Unauthorized Users In Security Incident

Global banking behemoth HSBC has confirmed a security incident this week which allowed unauthorized users to access online accounts. The company has confirmed the breach to authorities in California but has not disclosed how many of its customers were affected. Unauthorized users were able to access online accounts between October 4th, 2018 and October 14th, 2018.

HSBC has said that it suspended access to online accounts for all customers who were impacted by this breach. It also initiated procedures to change passwords for those accounts. HSBC said in its statement that it has also added an “extra layer” of security to accounts but didn’t explain further.

The company has not confirmed details that some of its customers might be interested in knowing. It hasn’t revealed the number of users affected by the breach and hasn’t said whether only customers in the United States were affected or if the breach targeted international customers as well.

The description of the breach that HSBC has provided makes it seem like a credential stuffing attack. This is when attackers use passwords and usernames that are leaked in other data breaches to try and access accounts. Since many users have the habit of using the same credentials for other online services, these attacks often bear fruit.

HSBC has confirmed that some of these attacks were indeed successful and that the attackers were able to access some customer details. It has offered to provide impacted customers with free credit monitoring and identity theft protection.